Systems for mobile telecommunications are typically deployed in a certain geographic area. Service is provided using cellular communication towers with antennas communicatively connected to a central office. In the central office there are core components that enable the different features of the network. For example, in GSM (Global System for Mobile Communications), one of these components is a Home Location Register (HLR). The HLR stores for each user a directory number also commonly known as Mobile Subscriber Integrated Services Digital Network-Number (MSISDN), or commonly referred to as a phone number. People call each other by dialing the MSISDN for the destination. During an incoming call or message there is a component in the mobile network that translates the dialed MSISDN to an International Mobile Subscriber Identity (IMSI) which is the identity that is used within the mobile network to reach the subscriber.
Each subscriber is identified in and authenticated to the network using a Subscriber Identity Module (SIM) card. This SIM card holds a secret number Ki (typically 128-bit), which is stored securely on the SIM card and cannot be read from the card. The same Ki is stored for the user in the network Authentication Center (AuC), which is usually deployed together with the HLR. The SIM card also stores the IMSI, though the IMSI is read from the card by the mobile phone. A mobile network can authenticate a mobile phone asking for services from the network by verifying that the mobile phone has a SIM card that contains the secret Ki for that user. The authentication protocol between the mobile phone and the network typically involves sending a message in which the phone identifies itself, initially with its IMSI that the mobile phone reads from the SIM card. In response, the network challenges the mobile phone with a challenge C. The mobile phone transfers this challenge C to the SIM card, which uses its secret Ki to compute a response F(C,Ki). F is a cryptographically designed function such that from knowing (or even choosing C), and obtaining F(C,Ki) it is practically impossible to find the secret Ki, hence for a given IMSI, only the authentic SIM card can compute F(C,Ki) as only the authentic SIM has Ki. The Authentication Center also stores the secret Ki for that IMSI and can thus compute F(C,Ki) and verify the response by the mobile phone, thereby verifying that the authentic SIM card is in the phone. Some variations of this general protocol can also be implemented. For example, the mobile phone can authenticate the network to verify that the mobile phone is not being connected to a fake network.
The network can initiate authentication for every service it provides to the mobile phone including for incoming services such as receiving a call or a Short Message Service (SMS). The network can also ask the phone to encrypt the conversation between the network and the phone, where the encryption keys are derived from C and Ki in a similar way to the authentication and typically as part of the authentication process. For example, some of the bits of F(C,Ki) can be returned to the network as a proof of holding
Ki, and some of the bits can be kept by the phone as encryption and/or integrity keys. The HLR also stores the last known location for each user. Each cell tower is typically associated with a Mobile Switching Center (MSC) that routes calls and handles needed mobility management to keep calls, data, SMS, and other mobile services working even when users are moving between cell towers and even if the cell towers belong to different MSCs.
Each MSC has an associated Visitor Location Register (VLR). A VLR is a network component that keeps track of the cell location of each user in the coverage area of the MSC and associated VLR. The VLR reports the location of the mobile phone to the HLR associated with the mobile phone. Depending on the network configuration, a VLR can update the HLR when a user first enters the coverage of that specific VLR, but not update for every cell change in that VLR. In other cases, more detailed reporting is carried between the VLR to the HLR. For instance, the VLR can notify the HLR once a certain time-period has passed since receiving the current location of a mobile device. Alternatively, the VLR can update the HLR of every instance when the user changes cell towers, or with every location area change (e.g., where a location area is defined as one or more cells indicated as belonging to a location area. Each cell can belong to one location area, and each location area can belong to one VLR).
In addition to voice services, cellular service providers have deployed other services such as the ability to send and receive text messages to and from other users, a service commonly referred to as SMS (short message service).
A need often arises for users to travel with their mobile phone outside the coverage area of their home network, i.e., out of the coverage area of their mobile service provider that provides the user with a mobile subscription. To address such situations, mobile operators are typically connected in a series of roaming agreements with other operators or roaming brokers to provide roaming services to their subscribers. Such agreements allow users to obtain mobile service even when they are outside of their home network, although such roaming services are typically expensive relative to service within the user's home network.
Most signaling communication, as well as some of the data communication (such as SMS) is carried over a signaling network called Signaling System No. 7 (SS#7 or SS7). This network is used for communication inside a provider's network, and operators that have roaming agreements are typically also connected over SS7 networks. As networks are transitioning to an all-IP network, the SS7 is being complemented and replaced with other standards such as the Diameter protocol.
As telecommunication evolved, new types of communications also emerged, such as Voice over IP (VoIP), where users can receive and make phone calls over the Internet. Applications that allow receiving and sending short messages also emerged. These services sometimes communicate over a data network, typically carrying data over IP (Internet Protocol). As users consume these services on various devices such as personal computers, laptop devices, tablet devices, handheld phones, PDAs and the like, although such services generally are distinct from conventional cellular communications and require use of an application on the device or accessed through a web page.